Diffstat (limited to 'lib/Travelynx/Model')
-rw-r--r--lib/Travelynx/Model/Users.pm15
1 files changed, 12 insertions, 3 deletions
diff --git a/lib/Travelynx/Model/Users.pm b/lib/Travelynx/Model/Users.pm
index e465ee1..7b95efd 100644
--- a/lib/Travelynx/Model/Users.pm
+++ b/lib/Travelynx/Model/Users.pm
@@ -8,6 +8,7 @@ use strict;
use warnings;
use 5.020;
+use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);
use DateTime;
use JSON;
@@ -61,6 +62,14 @@ sub new {
return bless( \%opt, $class );
}
+sub hash_password {
+ my ( $self, $password ) = @_;
+ my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 );
+ my $salt = en_base64( pack( 'C[16]', @salt_bytes ) );
+
+ return bcrypt( substr( $password, 0, 10000 ), '$2a$12$' . $salt );
+}
+
sub get_token_id {
my ( $self, $type ) = @_;
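Review bot: The salt in `hash_password` is built from Perl's `rand`, which is not a cryptographic generator, and `int( rand(255) ) + 1` can never produce a zero byte, so the salt comes from a predictable and slightly reduced space. A bcrypt salt does not have to be secret, but it should be unpredictable and unique per hash, so the 16 bytes are better taken from the OS CSPRNG, for example `my $salt = en_base64( Crypt::URandom::urandom(16) );` (that module would be a new dependency). A short comment would also help, stating that bcrypt conventionally uses only the first 72 bytes of the password, so the `substr( $password, 0, 10000 )` is an input-size cap rather than the effective limit. The hunk ends inside `get_token_id`, whose body continues outside it.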
@@ -471,7 +480,7 @@ sub add {
my $user_name = $opt{name};
my $email = $opt{email};
my $token = $opt{token};
- my $password = $opt{password_hash};
+ my $password = $self->hash_password( $opt{password} );
# This helper must be called during a transaction, as user creation
# may fail even after the database entry has been generated, e.g. if
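Review bot: `add` now reads `$opt{password}` where it used to read `$opt{password_hash}`, and nothing checks that the key is present, so a caller still passing the old key hands `undef` to `hash_password`. From the visible code that would presumably raise only an uninitialized-value warning and then store a valid bcrypt hash of the empty string instead of failing. A guard before the hashing call, such as `defined $opt{password} or die "password is required\n";`, would turn a missed call-site update into a hard error. The same applies to `set_password` in the last hunk, and both subs continue outside their hunks.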
@@ -577,11 +586,11 @@ sub delete {
return \%res;
}
-sub set_password_hash {
+sub set_password {
my ( $self, %opt ) = @_;
my $db = $opt{db} // $self->{pg}->db;
my $uid = $opt{uid};
- my $password = $opt{password_hash};
+ my $password = $self->hash_password( $opt{password} );
$db->update( 'users', { password => $password }, { id => $uid } );
}